- Products
- Learn
- Local User Groups
- Partners
- More
Access Control and Threat Prevention Best Practices
5 November @ 5pm CET / 11am ET
Ask Check Point Threat Intelligence Anything!
October 28th, 9am ET / 3pm CET
Check Point Named Leader
2025 Gartner® Magic Quadrant™ for Hybrid Mesh Firewall
HTTPS Inspection
Help us to understand your needs better
CheckMates Go:
Spark Management Portal and More!
Hi!
I've recently installed a Full HA Cluster configuration in R81.10. Everything went well with the primary, installation, wizard, configuration of the policy...
Then I installed the secondary, wizard selecting Secondary MGMT and ClusterXL, and initial SIC password. Then SIC completed on the FW object, policy installation...
And everything OK on the gateway part. Cluster is working, connections synchronized, etc...
But on the MGMT part, the sync is not working. When you try to do a full sync the primary says it can't contact with its peer.
And checking on Monitor, the Secondary complains that the Security Management CA is not running.
And if you do a cpstat mg, on the part of Internal CA status you get a "?"
Licenses are OK, and as I said I did nothing special during the installation (because it really doesn't give you choices where to fail).
Any ideas?
Thanks
Did you try reboot?
Andy
Hi!
Of course! 🙂 First a cpstop / cpstart and then a reboot after it didn't change anything
Fair enough. Can you send screenshot of the error?
Hi!
Checked this posts. About the first ones, both machines are using NTP and have the same time. About the second one, the first two checks ok, ports up, but
ps -aux | grep solr-solrj > check if the CPM service is running --> there's no CPM process
What does api status show?
[Expert@FW-IRL-2:0]# api status
API Settings:
---------------------
Accessibility: Require local
Automatic Start: Disabled
Processes:
Name State PID More Information
-------------------------------------------------
API Started 21881
CPM Started 21881 Check Point Security Management Server is running and ready
FWM Started 22568
APACHE Started 11789
Port Details:
-------------------
JETTY Internal Port: 54286
JETTY Documentation Internal Port: 57453
APACHE Gaia Port: 443
Profile:
-------------------
Machine profile: Small Medium env resources profile
CPM heap size: 1280m
Apache port retrieved from: dbget http:ssl_port
--------------------------------------------
Overall API Status: Started
--------------------------------------------
API readiness test SUCCESSFUL. The server is up and ready to receive connections
Correction about the last post, there's indeed CPM process, what fails is what the post suggests, ps -aux | grep solr-solrj shows no results
What does below show?
$FWDIR/scripts/./cpm_status.sh
[Expert@FW-IRL-2:0]# ./cpm_status.sh
Check Point Security Management Server is running and ready
Can you try log into that member and see if it syncs?
No, you can't log into FW2 with Smartconsole
To be honest. That is a setup that has a number of limitations and issues that you don't want to find out the hard way.
So SmartCenter always goes on seperate system and not on the gateway in a cluster setup.
Not sure why you have choosen for this setup as it is a pain.
I will never forget what customer told me ages ago about full HA "When it works, its heaven, but when it breaks, its a true nightmare"
But then I guess then can be said for most things lol
Anyway, @Hugo_vd_Kooij , I totally get what you are saying.
Andy
 
					
				
				
			
		
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count | 
|---|---|
| 19 | |
| 17 | |
| 13 | |
| 11 | |
| 11 | |
| 7 | |
| 7 | |
| 7 | |
| 6 | |
| 4 | 
Tue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionTue 28 Oct 2025 @ 11:00 AM (EDT)
Under the Hood: CloudGuard Network Security for Google Cloud Network Security Integration - OverviewTue 28 Oct 2025 @ 12:30 PM (EDT)
Check Point & AWS Virtual Immersion Day: Web App ProtectionThu 30 Oct 2025 @ 03:00 PM (CET)
Cloud Security Under Siege: Critical Insights from the 2025 Security Landscape - EMEAThu 30 Oct 2025 @ 11:00 AM (EDT)
Tips and Tricks 2025 #15: Become a Threat Exposure Management Power User!About CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY